NISER > Alerts > MyCERT Advisories & Summaries > MA-009.051999: Russian New Year Attack: Excel 97 CALL Vulnerability
MA-009.051999: Russian New Year Attack: Excel 97 CALL Vulnerability
Original Issue Date:
Russian New Year Attack is security exploit that triggered through the Excel's CALL function. Microsoft Excel of Office 97 has a function named CALL which allow external executable to be initiated that a vulnerable. This vulnerability could be exploit so the Excel spreadsheet can be used to copy files and execute programs.
It only effected Microsoft Excel 97, Service Release 2 (SR-2) with CALL enable.
The CALL function in Excel is to calls procedures from external dynamic link libraries (DLLs) to a worksheet. This is permitted in Excel but it possible for CALL to allow external DLL without user knowing which could be used for malicious purposes.
By taking advantage of this vulnerability, a person can launch an attack such as transfer file and execute program on your machine.
2.0 POSSIBLE STEPS
To verify the Excel version that you are using, click About Microsoft Excel on the Excel Help menu. If you are running Microsoft Excel 97 SR-2, your Microsoft Excel are expose to this vulnerability.
One way to remove it is to disable the automatic CALL function. Follow the steps below,
2.2.1 Download the patch file at
2.2.2 Then, select Run this program from its current location.
2.2.3 During the installation answer Yes, for the question "... Do you want to run the patch now?"
4.0 MORE INFORMATION
To obtain more information on this virus, please refer to the following site :
Disclaimers and copyright information
Last Update April 19, 2001